This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
It was found that the fix for CVE-2014-6271 was incomplete, and Bash
still allowed certain characters to be injected into other
environments via specially crafted environment variables. An attacker
could potentially use this flaw to override or bypass environment
restrictions to execute shell commands. Certain services and
applications allow remote unauthenticated attackers to provide
environment variables, allowing them to exploit this issue
(CVE-2014-7169, CVE-2014-7186, CVE-2014-7187).
Additionally bash has been updated from patch level 37 to 48 using the
upstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/ which
resolves various bugs.
See also :
Update the affected bash and / or bash-doc packages.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.8
Public Exploit Available : true